Setting Up User Authentication in Laravel Using Confide

User authentication is part of almost every web application. Although it is common, a deeper look shows that it’s not as simple as it may seem. Remember that validation, password recovery, and email confirmation are vital to any decent authentication form.

Confide is an authentication solution for Laravel made to reduce the repetitive work involving the management of users. It's a DRY approach on features like account creation, login, logout, confirmation by e-mail, password reset, etc.

Since the early versions, Confide always had good adoption among developers and a wide presence in Laravel projects. With a recent update, the package is now compatible with Laravel 4.2 which is the latest stable release of Laravel at the time of this writing.

What We Are Going to Do

In this tutorial, we’ll start from the very beginning by creating our Laravel app using Composer and then:

create a signup form with a full set of validation rules

a login form with a "forgot my password" option that will send a link for the user to redefine his password

use Laravel filters to only allow logged users can access a specific route.

Creating the Application

First of all, let's create the application using Composer.

$ composer create-project laravel/laravel myapp

Installing Confide

Now, with inside the project directory, edit the require key of composer.json file and include confide entry:

Set the address and name in config/mail.php. This config will be used to send account confirmation and password reset emails to the users. For this tutorial, you can use your personal SMTP server to get things working

User model

Now generate the Confide migrations by running:

$ php artisan confide:migration $ php artisan migrate

This will setup a table containing email, password, remember_token, confirmation_code and confirmed columns. These are the default fields needed for Confide. Feel free to add more columns to the table later.

Now go ahead and access http://localhost:8000/users/create to create our first user. You will receive a confirmation email right after submitting the form (if you have filled the config/mail.php with the correct values). Log-in and you will see the username on the screen.

Improving Visuals

The default forms of Confide are compatible with Bootstrap. So don't be intimidated by the "ugliness" of them on a page without any CSS. Edit the controller generated by Confide (UserController.php) and update the create method to:

<?php
public function create() {
return View::make('users.signup');
}

Thus our application will render the View users.signup. Let's create this view in app/views/users as signup.blade.php with the following content:

Now that we have applied the filter to all routes within userpanel. We will need a small tweak to ensure that the auth filter will redirect the user to the correct login URL. Edit app/filters.php on line 46 in order to replace return Redirect::guest('login'); with:

... return Redirect::guest('users/login'); ...

That done, the userpanel/dashboard page will only be available for users who are logged into the application. The filter will redirect guest users to the login form and then back to the dashboard once they are logged in.

Conclusion

It is possible to note that we were able to quickly set up user authentication for our app. Also, the generated controller, migration and routes can be edited to customize how we will handle each detail.

We have not focused much on the ConfideUser trait, but I believe it's important to clear things up. Once your model uses the ConfideUser trait, you don't need to worry about implementing the basic logic. At the same time, you still can overwrite the methods and customize them, if necessary.

We can say that Confide is a DRY approach to user authentication. It offers the convenience of having the functionality out-of-the-box while still allows high customization.